Developer's Guide
mzap edited this page May 7, 2015 · 12 revisions
Every hook must have:
- A prototype in hooks.h
- An associated .c file
Our hooks are declared in hooks.h, a C header file that is used during the compilation step and that our builder also parses to write our config.h. We have to parse it to generate the list of REAL_HOOKS in config.h, which is used to call the real syscalls.
The prototype must always specify the return type, followed by the real syscall name, separated by a single space. It must end with HOOKED, a macro defined earlier in the header file.
<return_type> <syscall>(args) HOOKED;
Every hook is implemented in its own file. Every hook must call the real syscall when identifying the attacker, and do whatever you want it to do otherwise, keeping stealth in mind.
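Because every intercepted function has to appear in hooks.h in the fixed prototype form above, the header is a complete inventory of what a build intercepts, which is what an analyst reviewing such a source tree needs first. The following is an added example, not the project's builder (whose implementation is not shown on this page): it lists the declared hooks and flags lines that break the stated format. The sample header and its HOOKED definition are constructed placeholders.

```python
import re

# "<return_type> <syscall>(args) HOOKED;" as described on the page.
# The return type may span several tokens ("struct dirent *"); the name is
# the identifier directly before "(". Function-pointer arguments are not handled.
PROTO_RE = re.compile(
    r"^(?P<ret>[A-Za-z_][\w \t*]*?)(?P<sep>[ \t]+)(?P<ptr>\**)"
    r"(?P<name>[A-Za-z_]\w*)\((?P<args>[^()]*)\)[ \t]+HOOKED;[ \t]*$"
)

# Constructed sample input, not taken from the project.
SAMPLE_HEADER = """\
#define HOOKED /* placeholder definition */
int open(const char *path, int flags, ...) HOOKED;
struct dirent *readdir(DIR *dirp) HOOKED;
int  access(const char *path, int mode) HOOKED;
ssize_t write(int fd, const void *buf, size_t n) HOOKED
"""


def parse_hooks_header(text):
    """Return ([(return_type, name)], [(lineno, problem)]) for a hooks.h text."""
    hooks, problems = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Only lines that use the HOOKED marker are prototypes; skip the
        # macro definition itself and comment lines.
        if "HOOKED" not in stripped or stripped.startswith(("#", "//", "/*", "*")):
            continue
        m = PROTO_RE.match(stripped)
        if m is None:
            problems.append((lineno, "not '<return_type> <syscall>(args) HOOKED;'"))
        elif m.group("sep") != " ":
            problems.append((lineno, "return type and name need a single space"))
        else:
            ret = m.group("ret") + (" " + m.group("ptr") if m.group("ptr") else "")
            hooks.append((ret, m.group("name")))
    return hooks, problems


if __name__ == "__main__":
    found, bad = parse_hooks_header(SAMPLE_HEADER)
    for ret, name in found:
        print(f"hooked: {name} (returns {ret})")
    for lineno, why in bad:
        print(f"line {lineno}: {why}")
```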